Phone Hacking - Not Just a Phone Crime?

Phone hacking was something most of the general public were unaware of. Now, thanks to News International; it is a daily occurrence and trending ferociously (join me on Twitter as legalacademia).

As a computer enthusiast I initially 'brushed off' the term hacking being thrown around by the media. Hacking in my social circles is considered an act whereby a computer user uses their computer to gain unauthorised access to another machine. The current affair concerns 'hacks' (Journalists) ringing a phone and, when it is not answered, inserting the default P.I.N. (personal Identification Number). Not rocket science and not hacking as I know it. But then I got down off my high horse and looked at it from an academic legal perspective, giving it more consideration. What if I were prosecuting? How would I shape my case against a so-called phone hacker?

I won't add anymore to the story than most already have, and indeed, I am only interested in a particular element of the law which most have overlooked (that I am aware of, if not the case, please refer me). The Act used to arrest those responsible, Criminal Law Act 1977, S.1 (1) has been extensively covered. I would like to add a perspective to the crime that some may not have considered.

For credibility purposes and to appreciate my angle, in my 20's I worked at a communications company (litigation department) when mobile phones were available to Joe Public pretty much for the first time in Britain (I even chose my mobile number to match my home telephone number!). Previously, they were toys that only business persons had (I remember my uncles 'mobile' phone complete with car battery!).

Why do I mention this? More often than not, users would contact us complaining they had deleted an important voicemail message (hereafter, 'message'). The user thought that message was gone. Not so. As long as it was not left too long (exact time now escapes me) we (company) could retrieve it. Why? Because the message was retained on a computer system - bingo. Here enters the Computer Misuse Act 1990.

With any offence Actus Reus and Mens Rea are important. S.1 of the Act provides:

• (a) he causes (Actus Reus) a computer to perform any function with intent to secure access to any program or data held in any computer;

• (b) the access he intends (Mens Rea) to secure is unauthorised and;

• (c) he knows at the time when he causes the computer to perform the function that this is the case.

In other words, potentially any act (a) that the 'hacker' has done to change a function of the phone could come under this (accessing the messages which are causing the phone to act in a manner which is not authorised by the owner). In terms of intent (b); as the hacker is accessing the messaging function with intent to listen to messages, the program that facilitates this is a computer program and holds personal data, Mens Rea satisfied. Undoubtedly, he is aware this is illegal and thus test (c) is also satisfied.

Importantly, the definition of a computer, data or program (S.17) was never defined. Why? Because the introduction of new technology meant that everyday items could potentially be created into computers. Most mobile phones are now SmartPhones for example, mini-computers if you like. Parliament and its advisors could not even begin to think of what a computer, data or program really is so failed to define it for that very reason. To define it is to potentially discriminate against its successors.

So, what did the Police and Justice Act 2006 enact? C.48 inserted Part 5 Computer Misuse, S.35, in short it dealt with the short comings of the Computer Misuse Act 1990 (which some argue was passed in haste) by adding the following:

• Increased the penalty for unauthorised access to computer to two years in prison

• Expanded unauthorised modification of data (S3) to include someone who does an unauthorised act in relation to a computer with unauthorised access to computer material

• Made changes to the wording of the old section 1 CMA and increased the term of imprisonment

• knowingly commits an unauthorised act in relation to a computer; or

• intends to perform such an act; or

• Is reckless as to whether he might be performing such an act. (N.b. lower mens rea than S1 CMA and new S3A)

• It is much wider than old section 3 (Does not require any modification of data)

• So no longer unauthorised modification - it is unauthorised impairment.

• Requisite intent - intent to impair the operation of any computer, prevent or hinder access to any program or data held in computer or to impair the operation of any program or data held in any computer

• Magistrates court - 12 months prison

• Crown Court - 10 years or fine or both

So in other words, hackers that impair the operation of any computer; prevents or hinders access to any program or data held in any computer; or impairs the operation of any such program or the reliability of any such data (deleted messages), is liable.

Hark! I hear you cry, I'm still not convinced!

What is all this talk of computers? They used phones, didn't' they? The answer to that is we don't actually know (at least I do not). Going back to the early days of technology and phones being just phones (pre-Skype and in-house diallers which are computer systems used for calling, headset on and dialling through a computer - can you see where I'm going with this?) hackers may well have been sat at their desk or in the car tapping away at the 'phone hoping to get a default P.I.N. This has all changed with the introduction of technology. In-house diallers (see above) are computers, so now the offence has merged, again, potentially and could come under the Computer Misuse Act 1990. In-house diallers work, quite simply, where the user inputs a number to call into their computer keypad. A bit like Skype for the corporate world (but without the video - thankfully!). Again, applying the above law, can you see why these offences could now be examined under the Computer Misuse Act 1990? (as amended).

So, that said I conclude the hackers were right to be brought to justice, and were arrested contrary to the Criminal Law Act 1977 S.1(1) on suspicion of conspiring to intercept communications, inter alia, but a thorough investigation should allow for at least an examination of potential crimes under the Computer Misuse Act 1990 (as amended).